{"id":4797,"date":"2023-10-05T10:34:44","date_gmt":"2023-10-05T10:34:44","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=4797"},"modified":"2023-10-11T08:47:20","modified_gmt":"2023-10-11T08:47:20","slug":"emerging-threats-to-critical-infrastructure-staying-ahead","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2023\/managed-services\/emerging-threats-to-critical-infrastructure-staying-ahead\/","title":{"rendered":"Emerging Threats to Critical Infrastructure: Staying Ahead"},"content":{"rendered":"

Summary: Although organizations and federal agencies recognize the importance of critical infrastructure to the national economy and the potential impact of a successful cyberattack, the US Government Accountability Office has identified many security gaps that are rooted primarily in the lack of coordination and collaboration. How can cybersecurity professionals help alleviate and secure critical infrastructure?<\/em><\/p>\n

Recent attacks on the Irish Health Service Executive (HSE), Colonial Pipeline, and JBS Food serve as a warning of the significant threat posed by ransomware to the essential systems, networks, and assets that support a country’s society and economy. These critical national infrastructure components include educational institutions, public health facilities, energy grids, transportation systems, and water treatment plants.<\/p>\n

These threats can also prove to be existential ones. St. Margaret\u2019s Health Hospital in Spring Valley, Illinois, announced on June 12, 2023, that it would shut down<\/a> because of the financial spiral caused by a devastating cyberattack in 2021.<\/p>\n

\u201cWill attackers adapt faster than we can evolve?\u201d<\/h2>\n

The risk of security breaches in critical infrastructure has increased significantly in recent years. Integrating digital technology into older systems has made these facilities more vulnerable to attacks. The threat landscape constantly changes, and malicious actors have recognized the potential financial benefits of targeting these industries. These attacks are becoming more sophisticated, with state-sponsored and independent hackers shifting their focus from IT to operational technology (OT) environments. The 2022 Microsoft Digital Defense Report<\/a> reveals that cyberattacks on businesses in IT, finance, transportation, and communication infrastructures accounted for 40% of all incidents in 2022, up from 20% in 2021.<\/p>\n

Ian Bramson, global head of industrial cybersecurity at ABS Group, says<\/a> that the real question for governments and cybersecurity professionals is, \u201cWill attackers adapt faster than we can evolve?\u201d<\/p>\n

57% of GAO recommendations have not been implemented<\/h2>\n

Even though the discussions between operators of facilities and federal bodies on protecting critical national infrastructure have intensified, the US Government Accountability Office (GAO) sounds the alarm. \u201cWe’ve made 106 public recommendations in this area since 2010. Nearly 57% of those recommendations had not been implemented as of December 2022,\u201d reads a recent report<\/a>. \u201cUntil these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them.\u201d<\/p>\n

Which are the sectors that are primarily at risk, according to GAO?<\/p>\n

Energy grids<\/h3>\n

The growing connectivity of industrial control systems (ICS) poses a significant risk to the distribution systems of the US grid, making them increasingly vulnerable to cyberattacks. As sensitive processes and physical functions become exposed to the internet, malicious actors use various methods to access these systems, potentially disrupting operations.<\/p>\n

These methods include:<\/p>\n